Actually, this is the first time I've heard subnetting explained in a way
that actually made sense.
Kudos!
And thank you!
- Original Message -
From: "Adrian Wenzel"
To:
Sent: Saturday, February 28, 2009 9:22 AM
Subject: Re: [pfSense-discussion] WAN LAN1 and LAN2 (OPT1)
>
> My apologi
The rules are the easy part. I had to do a similar thing for a pfSense box
that had 4 interfaces.
I'm just going to share my advice now, but you'll need to get the subnetting
figured out before you can add these rules.
One the LAN2 interface, create a block rule that goes at the very top of the
ru
SLC, since storage isn't the most important factor. It gives better
performance (a nice bonus, since it's also not primary) and more importantly
it gives a longer lifetime, since fewer cells are over written with each
write.
FYI,
Although not specifically about CF, I found this article enlightenin
Thank you for your answer.
- Original Message -
From: "Chris Buechler" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, September 30, 2008 5:43 PM
Subject: Re: [pfSense-discussion] W.O.L. Security Question
> On Tue, Sep 30, 2008 at 2:39 AM, DarkFoon <[EMAIL PROTECTED]>
Greetings all,
I recently upgraded my pfsense platform to a new(er) motherboard with an
integrated NIC with Wake On LAN.
If I use this as my WAN interface, does it pose any security vulnerability?
I do not see a way in the BIOS or as a jumper to turn off WOL.
I would normally assume that it would
To be honest, I was wondering a similar thing.
- Original Message -
From: "Paul M" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, March 04, 2008 2:01 AM
Subject: Re: [pfSense-discussion] CD-ROM + floppy
> Chris Buechler wrote:
> > DarkFoon wrote:
> >>>
: Saturday, March 01, 2008 5:44 PM
Subject: Re: [pfSense-discussion] CD-ROM + floppy
> DarkFoon wrote:
> > Does pfSense 1.2 still support booting from CD-rom and storing the
> > config (and possibly other data) on a floppy disk?
> Yes. just the config is kept on the floppy. USB
Does pfSense 1.2 still support booting from CD-rom and storing the config (and
possibly other data) on a floppy disk?
I've had my pfsense box up and running for 124 days straight (woo hoo) but
back in July, the NTPD log page reported this:
>Jul 26 06:29:02 ntpd[588]: Terminating
>Jul 26 06:29:02 ntpd[588]: dispatch_imsg in main: pipe closed
There was nothing new since those reports. I assumed that the whole time
There is no logout (AFAIK)
You can't install plain old 3rd party apps, you have you install a pfSense
package. Only some software is available as pfSense packages, and many of
them are beta or alpha. But you can make your own packages, something I
haven't personally tried yet.
To browse the package
I was able to find the dhcpd.conf file under /var/dhcpd/etc
and I feel like I've scoured every nook and cranny, but I cannot find
dnsmasq.conf.
I require these two files because I'm attempting (for my own improvement) to
set up a linux box to do pretty much the same thing as my pfSense box.
Whe
I, too, would like to thank you all for your comments and suggestions.
This is a solution that I had not even considered for a problem that I have
been having, and I like this solution much better than the other one I had
considered.
The problem I've been having, in short, is that I get invited to
I'm considering installing the UPnP daemon on some home/home office boxes, and
I'm curious what the security issues are.
>From my own (simple) analysis, the worst that could happen is a malicious
>application could ask for many, many (almost all?) of the ports above 1024 to
>be routed to a machi
I was hired to do the same thing for a small business a year ago.
I learned about a month and a half into the project that windows shares,
while they work across subnets, the hostname can't be used because of WINS,
only the IP address. Workgroups especially do not work across subnets. I
would like
Seems to me that with PPTP (and other protocols) if the source IP address of
packets sent to the client differs from the IP the client sends packets to,
the PPTP software discards (as it should) the packets because they could be
coming from an untrusted third-party.
- Original Message -
F
Hi everybody.
A friend of mine recently informed me that
his college is going to be adding some "policy enforcement" devices (Cisco
brand) to their network that will push Symantec Security software onto all
computers on the campus network. If your computer doesn't meet the policy, it is
deni
I see,
thank you for the clarification.
- Original Message -
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, August 29, 2006 7:59 AM
Subject: Re: [pfSense-discussion] Dynamic DNS - no password encryption
> On 8/29/06, DarkFoon <[EMAIL PROTECTED]>
I was looking through my XML configuration
recently, and I noticed that my Dynamic DNS password is not encrypted like the
PFsense password is.
It seems to me that this is a rather important
password and should be encrypted (if possible).
Title: VPN with ipsec setup question
Seconded.
I too, have a similar situation with mobile IPSec
VPN clients, and this information would be quite helpful.
- Original Message -
From:
Heath Henderson
To: discussion@pfsense.com
Sent: Wednesday, August 23, 2006 7:55
AM
s at up to 32 mbit/s with latest release fyi.
>
> Holger
>
> -Ursprüngliche Nachricht-
> Von: DarkFoon [mailto:[EMAIL PROTECTED]
> Gesendet: Fr 28.07.2006 00:42
> An: discussion@pfsense.com
> Cc:
> Betreff: [pfSense-discussion] Benchmarking
>
I've recently upgraded my pfSense box from a
pentium-MMX 233Mhz to a Celeron-MMX 333MHZ and I am curious how the developers
(or anybody on the list) would go about benchmarking the system (max throughput
is what I'm mostly curious about)
One quick question: aliases are broken in 1.0 RC-1,
I just upgraded to RC-1 from Beta2, and I must say
that I am impressed.
I like the new features, such as the RRD graphs
(well, they're new to me)
and the filter status page.
The product is very polished.
So I am thanking the pfSense team for the excellent
job they have done!
Mr. Leitl,
I don't quite understand your problem here.
You claim that the m0n0 interface has better usability, and is superior in
look, however, you do not support these claims with any useful examples that
would allow the pfSense team to improve their interface.
pfSense is not m0n0; it has more f
-
From: "Rajkumar S" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 06, 2006 11:04 PM
Subject: Re: [pfSense-discussion] packet A/V?
> DarkFoon wrote:
> > Is there anybody working on a package that does anti-vir scanning on
> > incoming internet packets?
>
>
Thank you very much
- Original Message -
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 06, 2006 1:48 PM
Subject: Re: Re[2]: [pfSense-discussion] P2P Blocker
> On 6/6/06, DarkFoon <[EMAIL PROTECTED]> wrote:
> > I may have over looked i
Is there anybody working on a package that does
anti-vir scanning on incoming internet packets? I get the impression that
SonicWalls do it, and it'd be killer if PfSense (becaouse sonicWalls do not look
cheap) www.sonicwall.com
I remember some time ago somebody was working on
this with squ
I may have over looked it, but where in pfSense can you set the maximum
number of states a workstation can have? I like that idea for P2P blocking.
- Original Message -
From: "Bill Marquette" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 06, 2006 1:07 PM
Subject: Re: Re[2]: [pfSense-discus
> In most of the other locations I would rather
> go with CF so there are no moving parts. I am looking at Kingston
Elite
> Pro CF cards, 512mb for $30 dollars, I saw them mentioned on the list.
> Does anyone have any recommendations of other brands.
http://anandtech.com/storage/showdoc.aspx?i=26
Hello all,
my client wants himself and his franchisees to be
able to securely access a fileserver (actually it's his workgroup-soon to be
domain-server) behind the pfSense box and upload important data files to it.
These clients are using laptops with wireless connections(3G access, not wi-fi
hatever m0n0wall uses, we use.
Scott
On 3/16/06, DarkFoon <[EMAIL PROTECTED]> wrote:
>
> I was wondering what authentication method is used by the PPTP server
in
> pfsense: MSCHAP-v2 or EAP-TLS?
>
> Where can I find more information about the PPTP implmentation used by
>
I was wondering what authentication method is used
by the PPTP server in pfsense: MSCHAP-v2 or EAP-TLS?
Where can I find more information about the PPTP
implmentation used by pfSense?
Thanks
Anthony
I'm experiencing some strange behavior with my beta2 box.
I have to keep manually renewing the WAN dhcp. I'll connect to a website
from a client on the LAN, and then maybe five minutes later, when I go
to another page, it "can't find the page" (none of my internet based
things work, actually), so I
pes and mirrors should be supported afaik),
however I haven't tried it out personally. Just a suggestion.
Holger
> -Original Message-
> From: DarkFoon [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 10, 2006 6:24 AM
> To: discussion@pfsense.com
> Subject: Re: [pfSense
h ;) )
thanks for the help!
Anthony
(stupid flu!)
- Original Message -
From: "Andrew Burnette" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 09, 2006 6:49 PM
Subject: Re: [pfSense-discussion] pfSense merge with freebsd?
> DarkFoon wrote:
> > I am curious if it is possible to
ause I lack a crappy harddrive to install to.
- Original Message -
From: "Jim Thompson" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 09, 2006 12:18 PM
Subject: Re: [pfSense-discussion] pfSense merge with freebsd?
> DarkFoon wrote:
>
> > I am curious if it is p
I am curious if it is possible to "merge"-for want
of a better word-pfSense with a FreeBSD install. Why? Well, I have a client who
wants to integrate everything into 1 box if possible. I told him its not
possible, but I wouldn't be doing my job if I didn't check to see if I am
wrong.
Basic
gt;
To:
Sent: Sunday, March 05, 2006 7:04 AM
Subject: RE: [pfSense-discussion] Wierd display problem in IE
No Problem here. Check your Fontsize settings of the browser. You
probably have modified them.
Holger
-Original Message-
From: DarkFoon [mailto:[EMAIL PROTECTED]
Sent: Sunday, Ma
I probably should have posted this bug before the
beta2 release. but oops on my part. (sorry!)
In IE all the pfsense text is way too small
(like 6 font or smaller) using the pfsense-pulldown
"skin".
I have a screenshot, but I don't know how to show
it to ya guys.
do I send it as an
atta
Well, I have seemed to have fixed it, but the solution makes no sense to me.
Perhaps it will make more sense to those of you with more networking knowledge
than I.
All of the cables leaving the PfSense box went to switches. The one hooked up
to the LAN had the cable plug into a regular port on
nope, doesn't fix it. Just upgraded. Still as broke as it was an hour ago.
The system is a Dell Optiplex (I can't find the model number at this time) It
has a Pentium 3 and a 10 GB harddrive, if that helps at all.
-- Original message --
From: "Scott Ullrich" <[EM
I just set up a PfSense firewall for a company, and I seem to be having
problems
with the OPTx interfaces. There are 4 of them, three of which are connected to
cables which are connected to switches (the fourth OPT i/f is currently
unused).
The interfaces are all set up in the webGUI (non con
If I were to contribute to fixing this particular problem, what kind of
skills would I need? Programming in C, writing PHP, making pretty GUI
webpages?
I'd like to help, but I do not know how to program, nor do I know PHP,
but I have written webpages (yeah, I'm lame)... in notepad.
This seems simpl
I did not notice an option in PfSense that allows a user to set a rule
for certain time periods. Is there any plans for this later on, or
experimental versions with it now?
An example for clarification: block all access until 12:00a (midnight)
then allow access for an hour, and block access until
essage -
From:
DarkFoon
To: discussion@pfsense.com
Sent: Saturday, February 18, 2006 5:09
PM
Subject: Re: [pfSense-discussion] VPN
woes
The Stunnel package won't install on my PFsense
box.
Installing stunnel and its
dependencies.Downloading p
ssion] VPN
woes
Use ssl tunnels
-> google for ssl explorer
-chad
From:
DarkFoon [mailto:[EMAIL PROTECTED] Sent: Saturday, February 18, 2006 5:38
PMTo: discussion@pfsense.comSubject: [pfSense-discussion] VPN
woes
My client wants VPN for h
My client wants VPN for his company, so his
franchisees can VPN connect to the domain in his office and share files or
something (he's rather vague about this).
Right now, I've got his PfSense box at my house so
I can test it. I'd like to test the VPN from his office, but they're behind a
r
So I was telling one of my friends the other day
about PfSense. At one point, he stopped me and said, "You know what that stands
for, don't you?"I said, "Duh! 'Packet Filter'"
Then came his reply, "Nononono. It stands for 'Plain F**king sense'"
And then I had to write this email about
it.
S
So I (finally) have a pfSense box that I can experiment
with (I've been but a spectator here for the last few months) . It has several
OPTx interfaces in it, and I don't want them to communicate with one another.
I have made block rules on each interface blocking outgoing traffic to the
other
clock interrupts,
in
order to reduce the latency in processing packets, it is not advisable
to
decrease the frequency of the clock below 1000 Hz.
On 2/14/06, DarkFoon <[EMAIL PROTECTED]> wrote:
>
> I can't seem to find a list of devices that support polling on the
ls.)
As in the worst case the devices are only polled on clock interrupts,
in
order to reduce the latency in processing packets, it is not advisable
to
decrease the frequency of the clock below 1000 Hz.
On 2/14/06, DarkFoon <[EMAIL PROTECTED]> wrote:
>
> I can't se
I can't seem to find a list of devices
that support polling on the site.Is it the exact same list as the one
for m0n0wall?
If so, may I reccomend that someday somebody make a
more detailed list?For example, the m0n0wall website says that some support
hardware VLAN tagging while others suppor
plenty of other things to work
on that I am better at for the time-being. His firewall solution for now
does it's job.
Anthony
- Original Message -
From: "Rainer Duffner" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, February 01, 2006 4:03 PM
Subject: Re: [pfSense-discussion]
ts on these
> separate "ports" can talk to each other at all then his theory of
> protecting the other hosts if one gets compromised is pretty much
> debunked. Unless each port / network is configured to have very
> restrictive rules and can't talk to the others at all then
PROTECTED]>
To:
Sent: Tuesday, January 31, 2006 10:39 PM
Subject: Re: [pfSense-discussion] Clients... ugh
> Quoting DarkFoon <[EMAIL PROTECTED]>:
>
> > and Secondly, does anybody know of any "hardware" firewall/routers (man,
I'm
> > tired of typing that) tha
I've got a client who has asked me (among other
things) to make him a router/firewall. Currently he has a "hardware"
firewall/router but I told him that it doesn't support the features he wants. I
attempted to pursuade him to use pfSense, but he would rather have a "hardware"
(meaning linksy
it sounds to me that what he wants is to block packets to/from port 25,
except for outgoing packets to a specific IP address.
- Original Message -
From: "Holger Bauer" <[EMAIL PROTECTED]>
To:
Sent: Thursday, December 22, 2005 12:10 AM
Subject: AW: [pfSense-discussion] block port 25
At
56 matches
Mail list logo
